function FileUpload($resourceType, $currentFolder, $sCommand) { if (!isset($_FILES)) { global $_FILES; } $sErrorNumber = '0'; $sFileName = ''; if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) { global $Config; $oFile = $_FILES['NewFile']; // Map the virtual path to the local server path. $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand); // Get the uploaded file name. $sFileName = $oFile['name']; $sFileName = SanitizeFileName($sFileName); $sOriginalFileName = $sFileName; // Get the extension. $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1); $sExtension = strtolower($sExtension); if (isset($Config['SecureImageUploads'])) { if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) { $sErrorNumber = '202'; } } if (isset($Config['HtmlExtensions'])) { if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) { $sErrorNumber = '202'; } } // Check if it is an allowed extension. if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) { $iCounter = 0; while (true) { $sFilePath = $sServerDir . $sFileName; if (is_file($sFilePath)) { $iCounter++; $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension; $sErrorNumber = '201'; } else { //Add by Le Huu Binh 25-05-2010 $image = new ImageLib(); $image->load($oFile['tmp_name']); $orinWidth = $image->getWidth(); if ($orinWidth > 500) { $image->resizeToWidth(500); } $image->save($sFilePath); //End Add by Le Huu Binh //Line below was disabled by Le Huu Binh //move_uploaded_file( $oFile['tmp_name'], $sFilePath ) ; if (is_file($sFilePath)) { if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) { break; } $permissions = 0777; if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) { $permissions = $Config['ChmodOnUpload']; } $oldumask = umask(0); chmod($sFilePath, $permissions); umask($oldumask); } break; } } if (file_exists($sFilePath)) { //previous checks failed, try once again if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $sErrorNumber = '202'; } else { if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) { @unlink($sFilePath); $sErrorNumber = '202'; } } } } else { $sErrorNumber = '202'; } } else { $sErrorNumber = '202'; } $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder); $sFileUrl = CombinePaths($sFileUrl, $sFileName); SendUploadResults($sErrorNumber, $sFileUrl, $sFileName); exit; }